PNNL Study Targets Authentication Vulnerability of Connected Lighting Systems

CEW 13 Controls 400

July 3, 2020
By Craig DiLouie

The U.S. Department of Energy has released the results of a study examining authentication vulnerabilities in connected lighting systems (CLS). Particularly as emerging CLS incorporate distributed intelligence, network interfaces and sensors, they can serve as data-collection platforms that enable a wide range of valuable new capabilities as well as greater energy savings in buildings and cities. However, CLS technology is currently at an early stage of development, and its increased connectivity introduces cybersecurity risks that are new to the lighting industry and must be addressed for successful integration with other systems.

There are numerous existing frameworks and guidelines for evaluating cybersecurity vulnerability, such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, the NIST 800 series comprising more than 150 resources, the International Electrotechnical Commission (IEC) 62443 series, International Organization for Standardization 27001 and 27002, Unified Facilities Criteria (UFC) 4-010-06, and UL 2900-1. Furthermore, a variety of testing resources are widely available, including the Open Web Application Security Project (OWASP) Testing Guide. While these frameworks, guidelines, and tests may apply to CLS in whole or in part, there is currently no mandatory requirement for cybersecurity testing or certification.

Photo: Conceptual representation of multiple connected lighting systems, showing common system architecture variations and technology implementations:

CEW 13 Multiple Connection Lighting System 400

The lighting industry, including technology developers and specification organizations, is currently evaluating the suitability of existing frameworks and guidelines for CLS. To support these efforts, the Pacific Northwest National Laboratory (PNNL) is conducting a series of studies intended to educate lighting-industry stakeholders on specific cybersecurity practices and characterize their implementation in commercially available CLS with varying system architectures, network-communication technologies, and degrees of maturity.

The first study explores authentication practices and their implementation in multiple CLS. A total of 18 tests were developed by UL and implemented in PNNL’s Connected Lighting Test Bed (CLTB). The tests explore the implementation of basic authentication best practices as well as known technology-specific best practices. As a result, not all tests are applicable to all CLS.

A total of 40 out of 72 potential tests (4 CLS, 18 potential tests each) were applicable for 4 evaluated CLS, and the CLS collectively passed 26 of the 40 tests (65%). While pass/fail ratio is a simple way of reporting test results, it is not really a relevant metric. Cybersecurity vulnerability testing is a risk-analysis practice; the relevance of passing or failing a certain test is best evaluated in concert with an understanding of the risk associated with that vulnerability in a specific implementation. Nevertheless, pass/fail ratios give some indication of the range of performance found in market-available CLS.

Based on the limited results of this study, it appears that the CLS being brought to market have varying levels of authentication vulnerability. It is hoped that these evaluations will support and perhaps accelerate industry discussions on the risks of specific security vulnerabilities, what vulnerabilities should be addressed by lighting-specific best practices in development, and whether any such practices should be included in voluntary lighting standards.

PNNL plans to conduct more authentication testing and to work with UL and other cybersecurity experts to explore authorization vulnerabilities. PNNL will bring these results to the ANSI C137 Lighting Systems ad-hoc working group focusing on cybersecurity vulnerability, for consideration in the creation and development of new standards.

Go HERE for the report

Craig DiLouie, LC, is Education Director for the Lighting Controls Association. Reprinted with permission of the Lighting Controls Association, www.lightingcontrolsassociation.org

Photo by jaydeep_ on Pixabay

Related Articles


Changing Scene

  • LEDVANCE Expands Ontario Presence with New Specification Agent

    LEDVANCE Expands Ontario Presence with New Specification Agent

    LEDVANCE is pleased to announce the appointment of Sterling Architectural Products Ltd. (Sterling Lights) as their new specification agent in Ontario. This partnership strengthens LEDVANCE’s presence in the region and reinforces their commitment to serving the professional lighting design and specification community with innovative, reliable lighting solutions. With decades of experience and a service-driven mindset,… Read More…

  • May 29, 2025 - Eureka Wins Three 2025 Red Dot Awards for Product Design

    Eureka Wins Three 2025 Red Dot Awards for Product Design

    Eureka is pleased to announce that its Velia, Cirra, and Junction luminaires have each received a 2025 Red Dot Design Award for Product Design. It is the 11th consecutive year that Eureka products have been honored with this prestigious award, which is a testament to the company’s consistency and relentless drive to design exceptional luminaires.… Read More…


Design

  • Mac’s II Agencies: Case Study – Tesoro, Vancouver, BC

    Mac’s II Agencies: Case Study – Tesoro, Vancouver, BC

    At the crest of False Creek, Tesoro stands as a contemporary interpretation of classic luxury, offering 92 exclusive waterfront homes in the heart of Vancouver. Developed by Concert Properties, this 17-story residential tower embraces a distinctly modern character, harmonizing sleek design with timeless sophistication. The vision for Tesoro extended beyond its architectural presence—it was about… Read More…

  • LightForm: Estiluz – Versatile Solutions for Sophisticated Spaces

    LightForm: Estiluz – Versatile Solutions for Sophisticated Spaces

    For anyone seeking high-performance lighting that blends elegance with engineering, Estiluz offers an exceptional range of solutions. This Spanish brand, family-owned since 1969, creates lighting that balances form, function, and flexibility, making it ideal for both bold architectural statements and subtle design enhancements. At LightForm, they are proud to be the exclusive Canadian distributor of… Read More…


New Products

  • Cyclone Lighting Introduces New Taji Luminaire

    Cyclone Lighting Introduces New Taji Luminaire

    Cyclone Lighting is excited to announce the release of its new Taji luminaire. Taji’s captivating design features high-performance optics and enhances a variety of aesthetics. Taji’s distinctive, stylish silhouette and slender lines are a refreshing departure from the ubiquitous dome luminaire. The unique flared form maintains a slender, minimalist feel yet provides high-performance optics. The… Read More…

  • Leviton Releases New Decora Smart Wi-Fi 0-10V Dimmer for Home & Small Business Lighting Control

    Leviton Releases New Decora Smart Wi-Fi 0-10V Dimmer for Home & Small Business Lighting Control

    Leviton has announced the launch of the Decora Smart Wi-Fi 0-10V Dimmer (D2710), expanding its comprehensive Wi-Fi lighting and load control solutions that work with the My Leviton app. As the first Matter-compatible 0-10V smart dimmer, the new 120V/277V device makes it easy to add 0-10V dimming to smart platforms such as Apple Home, Amazon… Read More…